My MS Replacement Hired, Other Musings, Certificate Help Needed

So it looks like my Microsoft replacement has finally been hired. My buddy Chris Romp has taken over the role of BizTalk Technology Specialist for Microsoft SoCal. He’ll do a great job, but if any of my former customers are reading this, please give the poor guy a little time to get up to speed on the beast that is Microsoft!

Other random BizTalk musings on my mind today (and a plea for help) …

I wasn’t 100% sure at what point the ErrorReport for a Send port gets generated. That is, if a (send) port has 5 retries, does it wait until all those retries are exhausted? After a quick test, indeed, no ErrorReport is sent to the MessageBox until retries are done.

…

Today for the first time, I had to send a message to a SharePoint library and DIDN’T apply the InfoPath declaration in the Xml pipeline. Instead, I wanted to see if sending the “naked” message to a SharePoint forms library (which had an InfoPath form associated with it) would still cause it to get opened with the library’s template. Sure enough, it worked. I guess I knew it SHOULD work, but simply never tried.

…

Anyone have success doing BizTalk message encryption/decryption using certificates created with the .NET makecert tool? I’m getting owned right now. I built a certificate (makecert -n "CN=CompanyCA" -pe -r -sv "c:\cert\CompanyCAPrivate.pvk" "c:\cert\CompanyCAPublic.cer"), installed the public certificate in the machine’s Other People store (for BizTalk to use when encrypting outbound messages). I then put the private key certificate in the BizTalk host account’s Personal store so that BizTalk could use it to decrypt inbound messages. I created send/receive pipelines with the necessary MIME encoding/decoding and picked the certificate at the right places (send port, receive host).

When I send a file out from BizTalk, it shows up perfectly encrypted. However, if I drop that same file into a location for BizTalk to pick up and decrypt, I get “There was an authentication failure. ‘Failed to decode the S/MIME message. The S/MIME message may not be valid’.” After spending waaaay too long on this, I’m about to light myself on fire.
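
A check for the store layout described above, as an added example that is not part of the original post: it looks up the CN=CompanyCA certificate in the two stores the post names and reports whether a private key is attached (decryption needs one) and whether both stores hold the same certificate. It assumes the script is run as the BizTalk host account, so that Cert:\CurrentUser\My is that account's Personal store.

```powershell
# Added example. Subject name taken from the makecert command in the post.
$subject = 'CN=CompanyCA'

# Stores named in the post: "Other People" is AddressBook, "Personal" is My.
# Assumption: this runs as the BizTalk host account, so CurrentUser\My is
# the Personal store that the decrypting host actually reads.
$stores = @(
    @{ Path = 'Cert:\LocalMachine\AddressBook'; Role = 'encrypt'; NeedsKey = $false },
    @{ Path = 'Cert:\CurrentUser\My';           Role = 'decrypt'; NeedsKey = $true  }
)

$found = foreach ($s in $stores) {
    $certs = @(Get-ChildItem -Path $s.Path | Where-Object { $_.Subject -eq $subject })
    if ($certs.Count -eq 0) {
        Write-Warning "$($s.Path): no certificate with subject $subject"
        continue
    }
    foreach ($c in $certs) {
        # Flag the one condition that always blocks decryption.
        $problem = ''
        if ($s.NeedsKey -and -not $c.HasPrivateKey) { $problem = 'no private key attached' }
        [pscustomobject]@{
            Store         = $s.Path
            Role          = $s.Role
            Thumbprint    = $c.Thumbprint
            HasPrivateKey = $c.HasPrivateKey
            NotAfter      = $c.NotAfter
            Problem       = $problem
        }
    }
}

$found | Format-Table -AutoSize

# The encrypting and decrypting certificates must be the same certificate.
$enc = @($found | Where-Object Role -eq 'encrypt' | ForEach-Object Thumbprint)
$dec = @($found | Where-Object Role -eq 'decrypt' | ForEach-Object Thumbprint)
if ($enc.Count -gt 0 -and $dec.Count -gt 0 -and -not ($enc | Where-Object { $dec -contains $_ })) {
    Write-Warning 'No thumbprint is present in both stores: the two sides use different certificates.'
}
```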

4 replies

I’m working on a BizTalk project where we’re using security certificates.

For a particular message we get this error about S/MIME decoding. We have been talking with a Microsoft engineer, and the conclusion has been that the message has an incorrect signature. We’re now looking into the canonicalization mode and the encoding.